Menu
Mozilla 'Plug-n-Hack' project aims for tighter security tool integration

Mozilla 'Plug-n-Hack' project aims for tighter security tool integration

The project aims to solve hiccups in how security tools work with web browsers

Mozilla is developing a protocol that aims to let security tools and Web browsers work better together.

Configuring a web browser to work with a security tool involves writing platform and browser-specific extensions, a non-trivial process that discourages people with less experience, wrote Simon Bennetts, a security automation engineer with Mozilla, on Thursday.

The proposed standard, called "Plug-n-Hack," will define how security extensions can work with a browser in a more usable way, Bennetts wrote. PnH will allow the security tool to "declare the functionality that they support which is suitable for invoking directly from the browser."

Under the current arrangement, if a user wants to, for example, intercept HTTPS traffic, a user must configure proxy connections through the tool and browser correctly and import the tool's SSL (Secure Sockets Layer) certificate, Bennetts wrote.

"If any of these steps are carried out incorrectly then the browser will typically fail to connect to any website -- debugging such problems can be frustrating and time-consuming," Bennetts wrote.

Users may also have to switch often between the tool and their browser to intercept an HTTPS request.

"PnH allows security tools to declare the functionality that they support which is suitable for invoking directly from the browser," Bennets wrote. "A browser that supports PnH can then allow the user to invoke such functionality without having to switch to and from the tool."

The PnH protocol is being designed to be browser and tool independent. The implementation for Firefox has been released under the Mozilla Public License 2.0 and can be incorporated into commercial products for free, Bennetts wrote.

The next phase of the project is being planned, but it is expected it will allow browsers to "advertise their capabilities to security tools," he wrote.

"This will allow the tools to obtain information directly from the browser, and even use the browser as an extension of the tool," Bennetts wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags browserssoftwareapplicationsmozilla

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.‚Äč

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments